[Fedora-directory-users] pam.conf on Solaris 2.6?

Vsevolod (Simon) Ilyushchenko simonf at cshl.edu
Tue Nov 29 19:36:49 UTC 2005


Hi,

Has anyone been able to make OpenLDAP work via pam.conf in Solaris 2.6? 
(Don't ask. :) The 'id' and 'su' commands don't even use LDAP, and when 
I enable UsePam in openssh, the LDAP calls are made, but the user is not 
recognized. When I look at the traffic, I see this:


   0.003082 client -> server LDAP MsgId=2 Search Request, Base DN=dc=cshl,dc=edu

... The correct uid is requested.


   0.003882 server -> client LDAP MsgId=2 Search Entry, 1 result

... Correct user entry is returned, but the next client request is very 
puzzling:


   0.005893 client -> server LDAP MsgId=3 Bind Request, DN=uid=ilyush,ou=People,dc=cshl,dc=edu

0000  00 11 25 29 98 74 00 30 7b 94 f2 94 08 00 45 00   ..%).t.0{.....E.
0010  00 85 e1 2c 40 00 fe 06 4a 84 8f 30 07 df 8f 30   ...,@...J..0...0
0020  2a 82 fa 6a 01 85 6c c4 0b 8c eb 0c 9d d6 50 18   *..j..l.......P.
0030  22 38 d4 76 00 00 30 5b 02 01 03 60 37 02 01 03   "8.v..0[...`7...
0040  04 23 75 69 64 3d 69 6c 79 75 73 68 2c 6f 75 3d   .#uid=ilyush,ou=
0050  50 65 6f 70 6c 65 2c 64 63 3d 63 73 68 6c 2c 64   People,dc=cshl,d
0060  63 3d 65 64 75 80 0d 08 0a 0d 7f 49 4e 43 4f 52   c=edu......INCOR
0070  52 45 43 54 a0 1d 30 1b 04 19 31 2e 33 2e 36 2e   RECT..0...1.3.6.
0080  31 2e 34 2e 31 2e 34 32 2e 32 2e 32 37 2e 38 2e   1.4.1.42.2.27.8.
0090  35 2e 31                                          5.1


Obviously, this attempt to login does not work:

   0.006885 server -> client LDAP MsgId=3 Bind Result, Invalid credentials

0000  00 00 0c 07 ac 2a 00 11 25 29 98 74 08 00 45 00   .....*..%).t..E.
0010  00 36 21 22 40 00 40 06 c8 de 8f 30 2a 82 8f 30   .6!"@.@....0*..0
0020  07 df 01 85 fa 6a eb 0c 9d d6 6c c4 0b e9 50 18   .....j....l...P.
0030  16 d0 50 ea 00 00 30 0c 02 01 03 61 07 0a 01 31   ..P...0....a...1
0040  04 00 04 00                                       ....


I've taken the pam.conf file that works fine for me on Solaris 8 and 
removed all the non-existent libraries. Here it is:

***
login   auth sufficient         pam_unix.so.1
login   auth required           pam_ldap.so.1

rlogin  auth sufficient         pam_rhosts_auth.so.1
rlogin  auth required           pam_unix.so.1

dtlogin auth required           pam_unix.so.1

rsh     auth sufficient         pam_rhosts_auth.so.1
rsh     auth required           pam_unix.so.1

other   auth sufficient         pam_unix.so.1
other   auth sufficient   	pam_ldap.so


login   account sufficient      pam_unix.so.1
login   account required   	pam_ldap.so

other   account sufficient      pam_unix.so.1
other   account required   	pam_ldap.so


other   session required        pam_unix.so.1

dtsession       auth required   pam_unix.so.1

passwd  auth required           pam_passwd_auth.so.1
ppp     auth required           pam_unix.so.1
ppp     auth required           pam_dial_auth.so.1
cron    account required        pam_unix.so.1
***

Thanks,
Simon
-- 

Simon (Vsevolod ILyushchenko)   simonf at cshl.edu
				http://www.simonf.com

"Think like a man of action, act like a man of thought."

		         Henri Bergson
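
Decoding the MsgId=3 Bind Request from the first hex dump above shows exactly what the client sent as the credential. This is an added example, not part of the original post: the function names are made up here, and the bytes are the LDAP payload copied from that dump.

```python
# LDAP payload of the MsgId=3 frame from the post's first hex dump (offset 0x36 onward).
BIND_FRAME = bytes.fromhex(
    "30 5b 02 01 03 60 37 02 01 03 04 23 75 69 64 3d 69 6c 79 75 73 68"
    " 2c 6f 75 3d 50 65 6f 70 6c 65 2c 64 63 3d 63 73 68 6c 2c 64 63 3d"
    " 65 64 75 80 0d 08 0a 0d 7f 49 4e 43 4f 52 52 45 43 54 a0 1d 30 1b"
    " 04 19 31 2e 33 2e 36 2e 31 2e 34 2e 31 2e 34 32 2e 32 2e 32 37 2e"
    " 38 2e 35 2e 31"
)

def read_tlv(buf, pos):
    """Decode one definite-length BER element; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                        # long form: low bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("BER element runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def parse_bind_request(msg):
    """Extract message ID, version, bind DN, credential and control OIDs."""
    tag, body, _ = read_tlv(msg, 0)          # LDAPMessage SEQUENCE
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, msg_id, pos = read_tlv(body, 0)       # messageID INTEGER
    op_tag, bind, pos = read_tlv(body, pos)  # protocolOp
    if op_tag != 0x60:                       # [APPLICATION 0] = BindRequest
        raise ValueError("not a BindRequest")
    _, version, p = read_tlv(bind, 0)
    _, dn, p = read_tlv(bind, p)
    auth_tag, cred, _ = read_tlv(bind, p)    # 0x80 = simple (password) bind
    oids = []
    if pos < len(body):                      # optional [0] Controls
        _, controls, _ = read_tlv(body, pos)
        q = 0
        while q < len(controls):
            _, control, q = read_tlv(controls, q)
            oids.append(read_tlv(control, 0)[1].decode("ascii"))  # controlType
    auth = "simple" if auth_tag == 0x80 else hex(auth_tag)
    return {"msg_id": int.from_bytes(msg_id, "big"), "version": version[0],
            "dn": dn.decode(), "auth": auth, "credential": cred, "controls": oids}

if __name__ == "__main__":
    print(parse_bind_request(BIND_FRAME))
```

The simple-bind credential decodes to `\b\n\r\x7fINCORRECT`, which is the placeholder string OpenSSH's PAM code passes in place of the typed password when sshd itself treats the account as invalid. The "Invalid credentials" result in the trace is therefore a reply to that placeholder, not to the user's real password.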



